The function changes the user's password after providing the email. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (in the WP User Control Widget). The WP User Control plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including, 1.5.3. Please note that this vulnerability has already been publicly disclosed with an exploit, which is why we are publishing the details without a patch available; we are attempting to initiate contact with the developer. This makes it possible for unauthenticated attackers to send emails utilizing the vulnerable site's server, with arbitrary content. This is due to insufficient restrictions on the sendMail.php file that allows direct access. The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. The identifier of this vulnerability is VDB-240884. The exploit has been disclosed to the public and may be used. The manipulation of the argument email leads to SQL injection. Affected by this issue is some unknown functionality of the file edit_parcel.php. VDB-241254 is the identifier assigned to this vulnerability. A vulnerability was found in SourceCodester Best Courier Management System 1.0. It is possible to launch the attack remotely. Affected is the function register of the file Master.php. This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34. A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. This could allow an attacker to use an invalid certificate to claim to be a trusted host, use expired certificates, or conduct other attacks that could be detected if the certificate is properly validated.
As the SSL_get_verify_result() function is not used, the certificate is always trusted and it cannot be ensured that the certificate satisfies all necessary security requirements. The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication.